Hi, On 12/11/17 18:37, Steffan Karger wrote: [CUT]
> +void
> +tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
> +{
> + /* OpenSSL does not have certificate profiles, but a complex set of
> + * callbacks that we could try to implement to achieve something similar.
> + * For now, use OpenSSL's security levels to achieve similar (but not
> equal)
> + * behaviour. */
> + if (0 == strcmp(profile, "preferred"))
> + {
> + SSL_CTX_set_security_level(ctx->ctx, 2);
unfortunately this function does not exist in OpenSSL 1.0.x and openvpn
does not compile.
However, we don't need anything equivalent for openssl-1.0.x because the
legacy profile is implicitly supported there.
Cheers,
--
Antonio Quartulli
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
